PyPI - skyplatform-iam - Versions diffs - 1.0.5__py3-none-any.whl → 1.2.0__py3-none-any.whl - Mend

skyplatform-iam 1.0.5py3-none-any.whl → 1.2.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

skyplatform_iam/__init__.py +73 -69
skyplatform_iam/config.py +46 -180
skyplatform_iam/connect_agenterra_iam.py +147 -161
skyplatform_iam/middleware.py +69 -145
{skyplatform_iam-1.0.5.dist-info → skyplatform_iam-1.2.0.dist-info}/METADATA +1 -1
skyplatform_iam-1.2.0.dist-info/RECORD +8 -0
skyplatform_iam/api.py +0 -366
skyplatform_iam/global_manager.py +0 -272
skyplatform_iam-1.0.5.dist-info/RECORD +0 -10
{skyplatform_iam-1.0.5.dist-info → skyplatform_iam-1.2.0.dist-info}/WHEEL +0 -0

skyplatform_iam/__init__.py CHANGED Viewed

@@ -4,28 +4,8 @@ SkyPlatform IAM SDK
 """
 from .config import AuthConfig
-from .middleware import (
-    AuthMiddleware,
-    AuthService,
-    setup_auth_middleware,
-    get_current_user,
-    get_optional_user,
-    create_auth_middleware
-)
+from .middleware import AuthMiddleware, AuthService, setup_auth_middleware, get_current_user, get_optional_user
 from .connect_agenterra_iam import ConnectAgenterraIam
-from .global_manager import GlobalIAMManager, get_global_manager
-from .api import (
-    init_skyplatform_iam,
-    get_iam_client,
-    create_lazy_iam_client,
-    LazyIAMClient,
-    get_current_user_info,
-    verify_permission,
-    get_config,
-    get_sdk_status,
-    reset_sdk,
-    setup_auth  # 向后兼容的别名
-)
 from .exceptions import (
     SkyPlatformAuthException,
     AuthenticationError,
@@ -37,39 +17,28 @@ from .exceptions import (
     NetworkError
 )
-__version__ = "2.0.0"
+__version__ = "1.2.0"
 __author__ = "x9"
 __description__ = "SkyPlatform IAM认证SDK，提供FastAPI中间件和IAM服务连接功能"
+# 全局IAM客户端实例
+_global_iam_client = None
 # 导出主要类和函数
 __all__ = [
     # 配置
     "AuthConfig",
-    # 新的统一API（推荐使用）
-    "init_skyplatform_iam",
-    "get_iam_client",
-    "create_lazy_iam_client",
-    "LazyIAMClient",
-    "get_current_user_info",
-    "verify_permission",
-    "get_config",
-    "get_sdk_status",
-    "reset_sdk",
-    # 全局管理器
-    "GlobalIAMManager",
-    "get_global_manager",
     # 中间件
     "AuthMiddleware",
     "AuthService",
-    "create_auth_middleware",
+    "setup_auth_middleware",
     "get_current_user",
     "get_optional_user",
     # 客户端
     "ConnectAgenterraIam",
+    "get_iam_client",
     # 异常
     "SkyPlatformAuthException",
@@ -81,10 +50,6 @@ __all__ = [
     "IAMServiceError",
     "NetworkError",
-    # 向后兼容（已废弃）
-    "setup_auth_middleware",
-    "setup_auth",
     # 版本信息
     "__version__",
     "__author__",
@@ -92,10 +57,9 @@ __all__ = [
 ]
-# 向后兼容的便捷函数（已废弃）
-def create_auth_middleware_legacy(config: AuthConfig = None, **kwargs) -> AuthMiddleware:
+def create_auth_middleware(config: AuthConfig = None, **kwargs) -> AuthMiddleware:
     """
-    创建认证中间件的便捷函数（已废弃）
+    创建认证中间件的便捷函数
     Args:
         config: 认证配置，如果为None则从环境变量创建
@@ -104,25 +68,19 @@ def create_auth_middleware_legacy(config: AuthConfig = None, **kwargs) -> AuthMi
     Returns:
         AuthMiddleware: 认证中间件实例
-    Deprecated:
-        请使用 init_skyplatform_iam() + create_auth_middleware() 替代
+    Note:
+        此函数用于创建中间件实例，用于请求拦截和鉴权。
+        客户端应用需要自己实现具体的业务接口。
     """
-    import warnings
-    warnings.warn(
-        "create_auth_middleware_legacy()已废弃，请使用init_skyplatform_iam() + create_auth_middleware()替代",
-        DeprecationWarning,
-        stacklevel=2
-    )
     if config is None:
         config = AuthConfig.from_env()
-    return AuthMiddleware(config=config, use_global_manager=False, **kwargs)
+    return AuthMiddleware(config=config, **kwargs)
-def setup_auth_legacy(app, config: AuthConfig = None):
+def init_skyplatform_iam(app, config: AuthConfig = None):
     """
-    一键设置认证中间件的便捷函数（已废弃）
+    一键设置认证中间件的便捷函数
     Args:
         app: FastAPI应用实例
@@ -131,16 +89,11 @@ def setup_auth_legacy(app, config: AuthConfig = None):
     Returns:
         AuthMiddleware: 认证中间件实例
-    Deprecated:
-        请使用 init_skyplatform_iam() 替代
+    Note:
+        此函数只设置认证中间件，不包含预制路由。
+        客户端应用需要根据业务需求自己实现认证相关的API接口。
+        建议传入完整的AuthConfig对象以避免环境变量配置问题。
     """
-    import warnings
-    warnings.warn(
-        "setup_auth_legacy()已废弃，请使用init_skyplatform_iam()替代",
-        DeprecationWarning,
-        stacklevel=2
-    )
     if config is None:
         config = AuthConfig.from_env()
@@ -151,7 +104,58 @@ def setup_auth_legacy(app, config: AuthConfig = None):
     setup_auth_middleware(config)
     # 添加中间件
-    middleware = AuthMiddleware(app=app, config=config, use_global_manager=False)
-    app.add_middleware(AuthMiddleware, config=config, use_global_manager=False)
+    middleware = AuthMiddleware(app=app, config=config)
+    app.add_middleware(AuthMiddleware, config=config)
-    return middleware
+    return middleware
+def get_iam_client(config: AuthConfig = None) -> ConnectAgenterraIam:
+    """
+    获取全局IAM客户端实例
+    Args:
+        config: 认证配置，如果为None则从环境变量创建
+    Returns:
+        ConnectAgenterraIam: IAM客户端实例
+    Note:
+        此函数使用单例模式，确保整个应用中只有一个IAM客户端实例。
+        第一次调用时会创建实例，后续调用会返回同一个实例。
+        如果需要更新配置，可以传入新的config参数。
+    Example:
+        # 使用默认配置（从环境变量）
+        iam_client = get_iam_client()
+        # 使用自定义配置
+        config = AuthConfig(
+            agenterra_iam_host="https://iam.example.com",
+            server_name="my_server",
+            access_key="my_access_key"
+        )
+        iam_client = get_iam_client(config)
+        # 调用IAM服务方法
+        result = iam_client.register(
+            cred_type="username",
+            cred_value="test_user",
+            password="password123"
+        )
+    """
+    global _global_iam_client
+    # 如果传入了新的配置，或者实例不存在，则创建/更新实例
+    if config is not None:
+        if _global_iam_client is None:
+            _global_iam_client = ConnectAgenterraIam(config=config)
+        else:
+            # 重新加载配置
+            _global_iam_client.reload_config(config)
+    elif _global_iam_client is None:
+        # 使用默认配置创建实例
+        default_config = AuthConfig.from_env()
+        _global_iam_client = ConnectAgenterraIam(config=default_config)
+    return _global_iam_client

skyplatform_iam/config.py CHANGED Viewed

@@ -1,28 +1,30 @@
 """
 SkyPlatform IAM SDK 配置模块
 """
+import logging
 import os
 import fnmatch
-import logging
-from typing import Optional, List, Dict, Any
-from pydantic import BaseModel, Field, validator
+from typing import List, Optional, Dict
+import jwt
+from pydantic import BaseModel, Field
 from dotenv import load_dotenv
 # 加载环境变量
 load_dotenv()
 logger = logging.getLogger(__name__)
 class AuthConfig(BaseModel):
     """
     认证配置类
-    支持环境变量和代码配置，增强配置验证和管理功能
+    支持环境变量和代码配置
     """
     # IAM服务配置
     agenterra_iam_host: str
     server_name: str
     access_key: str
+    machine_token: str
     # Token配置
     token_header: str = "Authorization"
@@ -33,184 +35,33 @@ class AuthConfig(BaseModel):
     # 白名单路径配置（实例变量）
     whitelist_paths: List[str] = Field(default_factory=list)
-    # 连接配置
-    timeout: int = 30
-    max_retries: int = 3
-    # 缓存配置
-    enable_cache: bool = True
-    cache_ttl: int = 300  # 5分钟
     class Config:
-        env_prefix = "SKYPLATFORM_"
-        validate_assignment = True
-    @validator('agenterra_iam_host')
-    def validate_iam_host(cls, v):
-        """验证IAM主机地址"""
-        if not v:
-            raise ValueError("agenterra_iam_host不能为空")
-        if not (v.startswith('http://') or v.startswith('https://')):
-            raise ValueError("agenterra_iam_host必须以http://或https://开头")
-        return v.rstrip('/')  # 移除末尾的斜杠
-    @validator('server_name')
-    def validate_server_name(cls, v):
-        """验证服务名称"""
-        if not v or not v.strip():
-            raise ValueError("server_name不能为空")
-        return v.strip()
-    @validator('access_key')
-    def validate_access_key(cls, v):
-        """验证访问密钥"""
-        if not v or not v.strip():
-            raise ValueError("access_key不能为空")
-        if len(v.strip()) < 8:
-            raise ValueError("access_key长度不能少于8个字符")
-        return v.strip()
-    @validator('timeout')
-    def validate_timeout(cls, v):
-        """验证超时时间"""
-        if v <= 0:
-            raise ValueError("timeout必须大于0")
-        return v
-    @validator('max_retries')
-    def validate_max_retries(cls, v):
-        """验证最大重试次数"""
-        if v < 0:
-            raise ValueError("max_retries不能小于0")
-        return v
-    @validator('cache_ttl')
-    def validate_cache_ttl(cls, v):
-        """验证缓存TTL"""
-        if v <= 0:
-            raise ValueError("cache_ttl必须大于0")
-        return v
+        env_prefix = "AGENTERRA_"
     @classmethod
-    def from_env(cls, prefix: str = "SKYPLATFORM_") -> "AuthConfig":
+    def from_env(cls) -> "AuthConfig":
         """
         从环境变量创建配置
-        Args:
-            prefix: 环境变量前缀，默认为SKYPLATFORM_
-        Returns:
-            AuthConfig: 配置实例
-        Raises:
-            ValueError: 配置验证失败
         """
-        logger.info(f"从环境变量加载配置，前缀: {prefix}")
-        # 支持多种环境变量前缀（向后兼容）
-        def get_env_value(key: str, default: str = '') -> str:
-            # 优先使用新前缀
-            value = os.environ.get(f"{prefix}{key}", '')
-            if not value:
-                # 回退到旧前缀
-                value = os.environ.get(f"AGENTERRA_{key}", default)
-            return value
-        # 解析白名单路径
-        whitelist_paths_str = get_env_value('WHITELIST_PATHS', '')
-        whitelist_paths = []
-        if whitelist_paths_str:
-            whitelist_paths = [path.strip() for path in whitelist_paths_str.split(',') if path.strip()]
-        config = cls(
-            agenterra_iam_host=get_env_value('IAM_HOST'),
-            server_name=get_env_value('SERVER_NAME'),
-            access_key=get_env_value('ACCESS_KEY'),
-            enable_debug=get_env_value('ENABLE_DEBUG', 'false').lower() == 'true',
-            whitelist_paths=whitelist_paths,
-            timeout=int(get_env_value('TIMEOUT', '30')),
-            max_retries=int(get_env_value('MAX_RETRIES', '3')),
-            enable_cache=get_env_value('ENABLE_CACHE', 'true').lower() == 'true',
-            cache_ttl=int(get_env_value('CACHE_TTL', '300'))
+        return cls(
+            agenterra_iam_host=os.environ.get('AGENTERRA_IAM_HOST', ''),
+            server_name=os.environ.get('AGENTERRA_SERVER_NAME', ''),
+            access_key=os.environ.get('AGENTERRA_ACCESS_KEY', ''),
+            enable_debug=os.environ.get('AGENTERRA_ENABLE_DEBUG', 'false').lower() == 'true',
+            machine_token=os.environ.get('MACHINE_TOKEN', ''),
+            whitelist_paths=[]  # 初始化空的白名单路径列表
         )
-        logger.info(f"配置加载完成: server_name={config.server_name}, "
-                   f"iam_host={config.agenterra_iam_host}, "
-                   f"whitelist_paths_count={len(config.whitelist_paths)}")
-        return config
-    def validate_config(self) -> None:
+    def validate_config(self) -> bool:
         """
-        验证配置完整性
-        Raises:
-            ValueError: 配置验证失败
+        验证配置是否完整
         """
-        logger.debug("开始验证配置完整性")
-        # Pydantic会自动调用validator，这里只需要检查业务逻辑
-        if not self.agenterra_iam_host:
-            raise ValueError("agenterra_iam_host不能为空")
-        if not self.server_name:
-            raise ValueError("server_name不能为空")
-        if not self.access_key:
-            raise ValueError("access_key不能为空")
-        logger.info("配置验证通过")
-    def merge_config(self, other: "AuthConfig") -> "AuthConfig":
-        """
-        合并配置，other的非空值会覆盖当前配置
-        Args:
-            other: 要合并的配置
-        Returns:
-            AuthConfig: 合并后的新配置实例
-        """
-        logger.debug("开始合并配置")
-        # 获取当前配置的字典表示
-        current_dict = self.dict()
-        other_dict = other.dict()
-        # 合并配置
-        merged_dict = current_dict.copy()
-        for key, value in other_dict.items():
-            if key == 'whitelist_paths':
-                # 白名单路径需要合并而不是覆盖
-                merged_paths = list(set(current_dict[key] + value))
-                merged_dict[key] = merged_paths
-            elif value:  # 只有非空值才覆盖
-                merged_dict[key] = value
-        logger.debug(f"配置合并完成，合并后的配置: {merged_dict}")
-        return AuthConfig(**merged_dict)
-    def to_dict(self) -> Dict[str, Any]:
-        """
-        转换为字典格式
-        Returns:
-            Dict: 配置字典
-        """
-        return self.dict()
-    def copy_with_updates(self, **updates) -> "AuthConfig":
-        """
-        创建配置副本并更新指定字段
-        Args:
-            **updates: 要更新的字段
-        Returns:
-            AuthConfig: 更新后的配置副本
-        """
-        config_dict = self.dict()
-        config_dict.update(updates)
-        return AuthConfig(**config_dict)
+        required_fields = ['agenterra_iam_host', 'server_name', 'access_key']
+        for field in required_fields:
+            if not getattr(self, field):
+                raise ValueError(f"配置项 {field} 不能为空")
+        return True
     def _normalize_path(self, path: str) -> str:
         """
@@ -218,15 +69,15 @@ class AuthConfig(BaseModel):
         """
         if not path:
             return path
         # 确保路径以 / 开头
         if not path.startswith('/'):
             path = '/' + path
         # 移除重复的斜杠
         while '//' in path:
             path = path.replace('//', '/')
         return path
     def add_whitelist_path(self, path: str) -> None:
@@ -235,7 +86,7 @@ class AuthConfig(BaseModel):
         """
         if not path:
             return
         normalized_path = self._normalize_path(path)
         if normalized_path not in self.whitelist_paths:
             self.whitelist_paths.append(normalized_path)
@@ -253,7 +104,7 @@ class AuthConfig(BaseModel):
         """
         if not path:
             return
         normalized_path = self._normalize_path(path)
         if normalized_path in self.whitelist_paths:
             self.whitelist_paths.remove(normalized_path)
@@ -276,12 +127,27 @@ class AuthConfig(BaseModel):
         """
         if not path:
             return False
         normalized_path = self._normalize_path(path)
         for whitelist_path in self.whitelist_paths:
             # 支持通配符匹配
             if fnmatch.fnmatch(normalized_path, whitelist_path):
                 return True
         return False
+def decode_jwt_token(token: str) -> Optional[Dict]:
+    """直接解析JWT token获取payload"""
+    try:
+        # 不验证签名，只解析payload（因为token已经通过verify_token验证过）
+        decoded_payload = jwt.decode(token, options={"verify_signature": False})
+        logger.debug(f"JWT token解析成功: {decoded_payload}")
+        return decoded_payload
+    except jwt.InvalidTokenError as e:
+        logger.error(f"JWT token解析失败: {str(e)}")
+        return None
+    except Exception as e:
+        logger.error(f"JWT token解析异常: {str(e)}")
+        return None

skyplatform-iam 1.0.5__py3-none-any.whl → 1.2.0__py3-none-any.whl

skyplatform-iam 1.0.5py3-none-any.whl → 1.2.0py3-none-any.whl